Obscurity | HackTheBox Writeup
Obscurity is a Medium Linux-based machine in HackTheBox
Start with nmap scan found 2 open ports
Go to the website, From the webpage we identified a file ‘SuperSecureServer.py’
Try to find where it located on the website using WFUZZ tool, and we got it is inside the develop folder
Go to the Page, we can see the Python file in their
By Analyzing the code, I identified the ‘exec()’ contains the path variable, which gives by us
It is using python, so search for python reverse shell and i found from pentestmonkey
Copy and Paste it as the path after the Host and we got a shell
I found Robert is a user from ‘/etc/passwd’ , So go to ‘/home/robert/’ folder.
We can see some files and a python script.
by reading ‘check.txt’ we identified that the key will get from ‘out.txt’.
so tried with the python script’s options and add ‘key to use’ as the text which is in ‘check.txt’.
Now we got the key to decrypt the ‘passwordreminder.txt’.
execute python script with the key we got now and
We Got the Password for the Robert User and log in as Robert.
We got User flag
Now check which all are we can execute with sudo privilege, we found ‘BetterSSH.py’ from BetterSSH folder.
From Robert’s directory, I found Robert has the privilege to modify the directory.
So I moved the current BetterSSH to BetterSSH_backup and created a BetterSSH folder.
And I added the BetterSSH.py file. In that file, i added code to get the bash shell.
Now execute the file with sudo permission and we got root user and flag